GnuPG fails to connect to 127.0.0.1 when many domains are specified in /etc/hosts
Open, Normal, Public

Description

I'm running a test suite against a mocked HKP server on localhost. I'm specifically using hkp://127.0.0.1 to avoid any DNS lookups. Nevertheless, GnuPG attempts to use DNS and fails, apparently because it doesn't allocate a large enough buffer:

2019-10-25 08:34:50 dirmngr[118495] listening on socket '/run/user/1000/gnupg/d.zn5hout1pfhjjyp74m8pfdxe/S.dirmngr'
2019-10-25 08:34:50 dirmngr[118496.0] permanently loaded certificates: 141
2019-10-25 08:34:50 dirmngr[118496.0]     runtime cached certificates: 0
2019-10-25 08:34:50 dirmngr[118496.0]            trusted certificates: 141 (140,0,0,1)
2019-10-25 08:34:50 dirmngr[118496.0] failed to open cache dir file '/tmp/tmp4teki88d/crls.d/DIR.txt': No such file or directory
2019-10-25 08:34:50 dirmngr[118496.0] creating directory '/tmp/tmp4teki88d/crls.d'
2019-10-25 08:34:50 dirmngr[118496.0] new cache dir file '/tmp/tmp4teki88d/crls.d/DIR.txt' created
2019-10-25 08:34:50 dirmngr[118496.0] error enabling fast daemon termination: Too many open files
2019-10-25 08:34:50 dirmngr[118496.5] handler for fd 5 started
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> # Home: /tmp/tmp4teki88d
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> # Config: /tmp/tmp4teki88d/dirmngr.conf
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK Dirmngr 2.2.17 at your service
2019-10-25 08:34:50 dirmngr[118496.5] connection from process 118493 (1000:1000)
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- GETINFO version
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> D 2.2.17
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- KEYSERVER --clear hkp://127.0.0.1:32147
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- KEYSERVER
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> S KEYSERVER hkp://127.0.0.1:32147
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- KS_GET -- 0x81E12C16BD8DCD60BE180845136880E72A7B1384
2019-10-25 08:34:50 dirmngr[118496.5] resolve_dns_addr failed while checking '127.0.0.1': Buffer too short
2019-10-25 08:34:50 dirmngr[118496.5] number of system provided CAs: 140
2019-10-25 08:34:50 dirmngr[118496.5] can't connect to '127.0.0.1': no IP address for host
2019-10-25 08:34:50 dirmngr[118496.5] error connecting to 'http://127.0.0.1:32147': Unknown host
2019-10-25 08:34:50 dirmngr[118496.5] marking host '127.0.0.1' as dead
2019-10-25 08:34:50 dirmngr[118496.5] host '127.0.0.1' marked as dead
2019-10-25 08:34:50 dirmngr[118496.5] command 'KS_GET' failed: No keyserver available
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> ERR 167772346 No keyserver available <Dirmngr>
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 <- BYE
2019-10-25 08:34:50 dirmngr[118496.5] DBG: chan_5 -> OK closing connection
2019-10-25 08:34:50 dirmngr[118496.5] handler for fd 5 terminated

That's probably the direct cause:

$ grep 127.0.0.1 /etc/hosts | wc -l
3056

If GnuPG insists on doing unnecessary DNS lookups, it could at least be equipped to handle large results. Or at least handle failures gracefully.

Details

Version
2.2.17
mgorny created this task. Oct 25 2019, 10:46 AM
mgorny created this object in space S1 Public.
werner triaged this task as Normal priority. Oct 25 2019, 11:00 AM
werner added projects: dirmngr, dns, gnupg (gpg23).
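
For triaging runs like the one in this report, a small parser over the dirmngr log can separate a host marked dead after a resolver error (here an IP literal, which needs no lookup to connect) from one marked dead for some other reason. This is an added example, not part of the original report or of GnuPG; `triage` and its field names are hypothetical, and the line formats are assumed to match the log shown in this task.

```python
import ipaddress
import re

# The handler .5 lines are from the log in this report; the .6 lines are constructed.
SAMPLE_LOG = """\
2019-10-25 08:34:50 dirmngr[118496.5] resolve_dns_addr failed while checking '127.0.0.1': Buffer too short
2019-10-25 08:34:50 dirmngr[118496.5] host '127.0.0.1' marked as dead
2019-10-25 08:34:50 dirmngr[118496.5] command 'KS_GET' failed: No keyserver available
2019-10-25 08:34:51 dirmngr[118496.6] host 'keys.example.test' marked as dead
2019-10-25 08:34:51 dirmngr[118496.6] command 'KS_GET' failed: No keyserver available
"""

LINE = re.compile(r"^(\S+ \S+) dirmngr\[([\d.]+)\] (.*)$")
RESOLVE_FAIL = re.compile(r"^resolve_dns_addr failed while checking '([^']+)': (.+)$")
MARKED_DEAD = re.compile(r"^host '([^']+)' marked as dead$")
CMD_FAIL = re.compile(r"^command '([^']+)' failed: ")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return one finding per host that dirmngr marked as dead."""
    resolver_errors = {}  # (handler, host) -> resolver error text
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, handler, msg = m.groups()
        if r := RESOLVE_FAIL.match(msg):
            resolver_errors[(handler, r.group(1))] = r.group(2)
        elif d := MARKED_DEAD.match(msg):
            host = d.group(1)
            findings.append({
                "time": stamp, "handler": handler, "host": host,
                "resolver_error": resolver_errors.get((handler, host)),
                "ip_literal": is_ip_literal(host),
                "failed_command": None,
            })
        elif c := CMD_FAIL.match(msg):
            # Attribute the failed command to this handler's pending findings.
            for f in findings:
                if f["handler"] == handler and f["failed_command"] is None:
                    f["failed_command"] = c.group(1)
    return findings
```

A finding with `ip_literal` true and a non-empty `resolver_error` matches the failure described in this task.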